CVE-2020-13942 Scanner
CVE-2020-13942 scanner - OGNL Injection (Object-Graph Navigation Language) vulnerability in Apache Unomi
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 30 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
Apache Unomi is a popular open-source customer data platform that is used to collect, store and manage user data from various sources. It provides a centralized location for businesses to organize and analyze data, helping them to better understand their customers and provide personalized experiences. The platform is highly adaptable and can be easily customized to suit specific business needs. It boasts a range of features, including segmentation, personalization, and real-time analytics.
CVE-2020-13942 is a critical security flaw that was recently discovered in Apache Unomi. It concerns the public /context.json endpoint, which accepts requests containing malicious OGNL or MVEL script expressions. Although this flaw was partially resolved with version 1.5.1, a new attack vector was found in version 1.5.2. The fix completely filters all scripts from the input to protect against script injection attacks.
When exploited, this vulnerability can lead to unauthorized access to sensitive user information stored on the Apache Unomi platform. This can compromise customer privacy and breach data protection regulations such as GDPR. Attackers can potentially gain access to login credentials, banking information, and other sensitive data and misuse it. This flaw poses a significant threat to businesses that rely on Apache Unomi to collect user data.
In conclusion, thanks to the pro features of the s4e.io platform, businesses can easily and quickly learn about vulnerabilities in their digital assets. Identifying and addressing security flaws early is essential to ensure business continuity and customer trust. The platform utilizes advanced scanning and testing techniques that can identify key vulnerabilities in web applications, databases, and other digital assets. It provides businesses with detailed reports and recommendations to help them strengthen their security posture and protect against potential attacks.
REFERENCES
- http://unomi.apache.org./security/cve-2020-13942.txt
- lists.apache.org: [unomi-dev] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi
- lists.apache.org: [unomi-users] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi
- lists.apache.org: [unomi-users] 20201124 Apache Unomi 1.5.4 Release
- lists.apache.org: [unomi-dev] 20201124 Apache Unomi 1.5.4 Release
- openwall.com: [oss-security] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi
- lists.apache.org: [announce] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi
- https://advisory.checkmarx.net/advisory/CX-2020-4284
- lists.apache.org: [unomi-commits] 20210428 svn commit: r1889256 - in /unomi/website: contribute-release-guide.html documentation.html download.html index.html security/cve-2021-31164.txt